commit | ae819bb3096b63a11b8c1ff47dd3b69f85ea241b | [log] [tgz] |
---|---|---|
author | mkwst <mkwst@chromium.org> | Mon Feb 23 05:10:31 2015 |
committer | Commit bot <commit-bot@chromium.org> | Mon Feb 23 05:11:25 2015 |
tree | ec97dfaf204412c66e4246c597fe00cbdf64083e | |
parent | d726d218c92888278509ef9b4a9e639cf9fce659 [diff] |
Implement the "First-Party-Only" cookie attribute. First-party-only cookies allow servers to mitigate the risk of cross-site request forgery and related information leakage attacks by asserting that a particular cookie should only be sent in a "first-party" context. This patch adds support for the 'First-Party-Only' attribute to the CookieMonster and CookieStore, but does not yet wire up requests such that the flag has any effect. https://codereview.chromium.org/940373002 will do so by correctly setting the first-party URL on the CookieOptions object used to load cookies for a request. Spec: https://tools.ietf.org/html/draft-west-first-party-cookies Intent to Implement: https://groups.google.com/a/chromium.org/d/msg/blink-dev/vT98riFhhT0/3Q-lADqsh0UJ BUG=459154 TBR=dpolukhin@chromium.org Review URL: https://codereview.chromium.org/876973003 Cr-Commit-Position: refs/heads/master@{#317544}